VulnHub

Real-time Cybersecurity News

Russian hackers exploit Zimbra flaw in Ukrainian govt attacks

BleepingComputer
Actively Exploited
ExploitVulnerabilityPatchCritical

Overview

Hackers associated with APT28, a group believed to be linked to the Russian military intelligence, are exploiting a vulnerability in the Zimbra Collaboration Suite (ZCS) to target Ukrainian government entities. This attack is part of ongoing cyber operations against Ukraine amid the broader conflict with Russia. The specific flaw being exploited allows attackers to gain unauthorized access, which could lead to significant data breaches or disruptions in government operations. The situation is critical, as it not only affects the security of Ukrainian governmental systems but also reflects the increasing use of cyber tactics in geopolitical conflicts. Ukrainian officials and cybersecurity experts are urging immediate action to patch the vulnerabilities and safeguard sensitive information.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: Zimbra Collaboration Suite (ZCS)
  • Action Required: Update Zimbra Collaboration Suite to the latest version and apply all security patches as they become available.
  • Timeline: Ongoing since recent attacks

Original Article Summary

Hackers part of APT28, a state-backed threat group linked to Russia's military intelligence service (GRU), are exploiting a Zimbra Collaboration Suite (ZCS) vulnerability in attacks targeting Ukrainian government entities. [...]

Impact

Zimbra Collaboration Suite (ZCS)

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since recent attacks

Remediation

Update Zimbra Collaboration Suite to the latest version and apply all security patches as they become available.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Exploit, Vulnerability, Patch, and 1 more.

Read Original Article

Related Coverage

WorldLeaks ransomware group breached the City of Los Angels

Security Affairs

The WorldLeaks ransomware group has launched attacks against the City of Los Angeles, specifically targeting its Metro system, which resulted in a significant system shutdown. This breach forced the Metro to halt operations temporarily, disrupting public transit services. In addition to Los Angeles, two cities in the Bay Area have declared emergencies due to similar ransomware incidents. These attacks are part of a growing trend in which local governments and essential services are increasingly becoming targets for cybercriminals, raising concerns about the security of public infrastructure and the potential for widespread disruption. The implications of such breaches are serious, as they can hinder public safety and essential services.

Mar 21, 2026

Trivy vulnerability scanner breach pushed infostealer via GitHub Actions

BleepingComputer

The Trivy vulnerability scanner was recently compromised in a supply-chain attack orchestrated by a group known as TeamPCP. This attack involved the distribution of credential-stealing malware through official releases and GitHub Actions, which are automated workflows for software development. As a result, users who downloaded the compromised versions of Trivy may have inadvertently installed malware that could steal sensitive information. This incident raises significant concerns about the security of software supply chains and the potential for attackers to exploit trusted platforms to distribute malicious code. Organizations that rely on Trivy for vulnerability scanning need to be aware of this breach and take appropriate measures to safeguard their systems.

Mar 21, 2026

Critical Quest KACE Vulnerability Potentially Exploited in Attacks

SecurityWeek

A recent vulnerability identified as CVE-2025-32975 may have been exploited in attacks targeting the education sector. This flaw affects Critical Quest's KACE systems, which are commonly used for IT management and endpoint security. The potential exploitation raises concerns about the security of sensitive data within educational institutions. As attackers increasingly focus on this sector, it is crucial for organizations to assess their systems and ensure they are protected against such vulnerabilities. Institutions that use KACE products should be particularly vigilant and consider implementing protective measures immediately.

Mar 21, 2026

Critical Langflow RCE vulnerability exploited within 20 hours

SCM feed for Latest

A newly discovered vulnerability, identified as CVE-2026-33017, poses a serious risk by allowing unauthenticated attackers to run arbitrary Python code on vulnerable servers. This flaw was reportedly exploited within 20 hours of its disclosure, raising concerns among cybersecurity experts. Organizations that use systems affected by this vulnerability need to act swiftly to secure their environments. The ability for attackers to execute arbitrary code can lead to severe data breaches and system compromises, making it crucial for affected users to understand their risk and take appropriate measures. As of now, details on specific systems or versions impacted have not been disclosed, leaving many organizations potentially vulnerable.

Mar 20, 2026

SpyCloud report reveals surge in exposed API keys and machine identities

SCM feed for Latest

A recent report from SpyCloud reveals a significant rise in the exposure of non-human identities, specifically API keys and tokens, which reached 18.1 million in 2025. This surge increases the risk for organizations as these exposed credentials can be exploited by attackers to gain unauthorized access to systems. The findings emphasize the need for companies to enhance their security measures around API usage and management, as these keys are often overlooked in traditional security protocols. The report serves as a crucial reminder for businesses to audit their API security practices and monitor for any potential breaches or misuse. Failure to address these vulnerabilities could lead to severe data breaches and operational disruptions.

Mar 20, 2026

Google reverses Android developer verification requirement amidst user backlash

SCM feed for Latest

Google has decided to reverse its plan to require Android developers to link their apps to verified developer accounts, a move that had sparked significant backlash from users. The original requirement, which was set to take effect in September 2026, involved a $25 fee and the submission of personal identification for verification. Many users expressed concerns over privacy and accessibility, arguing that the new rule could limit the diversity of apps available on the platform. By stepping back from this policy, Google aims to maintain a more open app ecosystem while addressing user concerns about potential barriers to entry for developers. This decision reflects the ongoing tension between security measures and user freedom in the app development landscape.

Mar 20, 2026